Category: Linux

I’ve been working on infrastructure of a fleet of a few dozen Amazon EC2 instances for the past week, and with a rapidly-growing team, we decided it was appropriate to make a central authentication / authorization service.

So, that meant setting up some sort of LDAP server.

I was a bit intimidated at first (the most I’ve done is seen people manage and complain about Active Directory), but I finally got it set up. Here are the components:

On step 5, the realm join command will prompt for a password. I spent a few days trying to figure out what the best way to automate this was — I tried creating a Kerberos keytab and use that for authentication, but I wasn’t getting consistent results (for some reason that is probably clear to someone who knows a lot about Kerberos, the realm join would work but after a realm leave, Kerberos would complain that the join account didn’t exist anymore — even though I couldn’t find any differences from the AD admin tools). I eventually decided to encrypt the directory join account password in an Ansible vault and use the Ansible expect module to automate the password entry.

To do

I’m currently using the Active Directory “Users & Groups” administration tool to administer users, but this involves booting a Windows instance every time a change to the directory is made — ideally, I want a simple web-based tool to add/remove/change users, their SSH public keys, and groups. There are a few web-based tools out there already, but the ones I’ve come across are either too complicated or don’t manage SSH keys as well.

Some keyboard shortcuts get some getting used to (but most of the time, they’re completely configurable).

Steam is available for Linux! (10 of the 11 titles in my library run on Linux. Does that say something about the games I play, or are Linux ports popular these days?)

If something is broken, it can be fixed*.

(*) maybe, probably. Sometimes. It depends.

Some thoughts specific to the development work I do:

Docker is as easy to use as it is on a Linux server. Because the kernel is exactly the same. 🙂

I can quickly reproduce server environments locally with minimal effort.

Configuration files are in the same place as any Ubuntu 16.04 server.

Some things really surprised me. For example, I plugged my iPhone in to the USB to charge it, and it automatically launched the photo importer and started the tethering connection. I did not expect that on a clean install.

It hasn’t been all peaches and roses, though — there are some specific complaints I have about the file browser (Caja, a Nautilus fork) and the MATE Terminal — so much so that I have replaced the MATE Terminal with GNOME 3’s terminal emulator. I haven’t gotten around to trying other file browser because most of the time I’m browsing files, I’m in the terminal.

Other nice-to-have things that don’t relate to the OS itself, but rather to building your own PC (I’m aware of Hackintosh-ing, but my issues were mainly with software, not hardware):

The particular case I’m using has space for 2 large (optical drive-sized) bays and 8 3.5 inch hard drive bays. That’s a lot of storage. It currently holds 2 SATA SSDs (and one M.2 SSD, but that doesn’t take up any room in the case).

Access to equipment that is much newer / faster than anything you can get via the Apple Store. (I’m planning on getting the Nvidia GTX 1080 at some point in the future, and I’m currently using the i7-6700K quad-core CPU at 4.0GHz now)

Conclusion: I’m enjoying it. I realize that I’m a special case, and I strongly discourage anyone from using Linux on the Desktop unless they really know what they’re doing. In my case, I regularly manage Linux servers professionally, so I know how to fix something when it’s gone wrong (most of the time). I still use a MacBook Pro with OS X installed on it when I’m on the go or need something specifically for Mac, but it usually stays asleep for most of the time.